Analysis
max time kernel
36s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted
23-10-2024 15:25
Static task
static1
Behavioral task
behavioral1
Sample
6fa396c435aa74e935fb3d20d68b8d71_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
General
-
Target
6fa396c435aa74e935fb3d20d68b8d71_JaffaCakes118.apk
-
Size
6.3MB
-
MD5
6fa396c435aa74e935fb3d20d68b8d71
-
SHA1
9b2ff3dea9c378c12f5cd64d392a7a21a3f505d8
-
SHA256
9669b41554d066c398b85c11d1cb366c37d7ec466328d5f0f85f592540e2fd47
-
SHA512
d988205dd33f6781432c21a4f7db6479af0115f4ca32cd59dbd4a85baba87410e79f5229b3344bb54cca86e05ace267e9e4b0adafb2f252f814fae8c909ee563
-
SSDEEP
196608:PTaM9GFSE63zyPhq2gyEnx3Be5ixtl9lBUJc2eJ9:raM9GFSENM27Enq4lJJ9
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
The IoCs are the su binary paths the app probed for.
Processes: com.baidu.appsearch
ioc | process
/system/bin/su | com.baidu.appsearch
/system/xbin/su | com.baidu.appsearch
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Processes: com.baidu.appsearch
description | ioc | process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.baidu.appsearch
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 5 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.baidu.appsearch:bdservice_v1, com.baidu.appsearch:websuiteService, com.baidu.appsearch, com.baidu.appsearch:locationservice, com.baidu.appsearch:gptInstaller
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.baidu.appsearch:bdservice_v1
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.baidu.appsearch:websuiteService
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.baidu.appsearch
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.baidu.appsearch:locationservice
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.baidu.appsearch:gptInstaller
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes: com.baidu.appsearch:locationservice
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.baidu.appsearch:locationservice
-
Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
Processes: com.baidu.appsearch
description | ioc | process
URI accessed for read | content://media/external/images/media | com.baidu.appsearch
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
Processes: com.baidu.appsearch:locationservice
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.baidu.appsearch:locationservice
-
Acquires the wake lock 1 IoCs
Processes: com.baidu.appsearch:websuiteService
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.baidu.appsearch:websuiteService
-
Makes use of the framework's foreground persistence service 1 TTPs 2 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: com.baidu.appsearch, com.baidu.appsearch:websuiteService
description | ioc | process
Framework service call | android.app.IActivityManager.setServiceForeground | com.baidu.appsearch
Framework service call | android.app.IActivityManager.setServiceForeground | com.baidu.appsearch:websuiteService
-
Queries information about active data network 1 TTPs 3 IoCs
Processes: com.baidu.appsearch:locationservice, com.baidu.appsearch:bdservice_v1, com.baidu.appsearch
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.baidu.appsearch:locationservice
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.baidu.appsearch:bdservice_v1
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.baidu.appsearch
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.baidu.appsearch
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.baidu.appsearch
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
Processes: com.baidu.appsearch, com.baidu.appsearch:locationservice, com.baidu.appsearch:bdservice_v1
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.baidu.appsearch
Framework service call | android.app.IActivityManager.registerReceiver | com.baidu.appsearch:locationservice
Framework service call | android.app.IActivityManager.registerReceiver | com.baidu.appsearch:bdservice_v1
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes: com.baidu.appsearch, com.baidu.appsearch:bdservice_v1
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.baidu.appsearch
Framework API call | javax.crypto.Cipher.doFinal | com.baidu.appsearch:bdservice_v1
-
Checks CPU information 2 TTPs 1 IoCs
Processes: com.baidu.appsearch
description | ioc | process
File opened for read | /proc/cpuinfo | com.baidu.appsearch
-
Checks memory information 2 TTPs 1 IoCs
Processes: com.baidu.appsearch
description | ioc | process
File opened for read | /proc/meminfo | com.baidu.appsearch
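The IoC tables above arrive flattened onto one line per signature, which makes it hard to see which of the app's five components did what. The following Python is an added example (the editor's code, not output of the sandbox and not code from the app's vendor): it parses that single-line layout back into rows, groups them by process, flags IoCs hit from more than one process, and checks every process named in an IoC against the process tree. The sample tables and the process tree are constructed from this report's own Signatures and Processes sections; the `flat()` helper only rebuilds the report's one-line layout from those values so the parser has realistic input.

```python
"""Added example (editor's code, not the sandbox's or the app vendor's): parse the
flattened IoC tables of this report into a per-process behaviour map and check
them against the process tree. Sample input is constructed from the report."""
import re
from collections import defaultdict
from typing import NamedTuple

class IocRow(NamedTuple):
    signature: str
    description: str  # "" for tables that only have ioc/process columns
    ioc: str
    process: str

# Column-0 labels the report uses; each row is "<label> <ioc> <process>".
DESCRIPTIONS = ("Framework service call", "Framework API call",
                "File opened for read", "URI accessed for read")
ROW_RE = re.compile("(" + "|".join(map(re.escape, DESCRIPTIONS)) + r") (\S+) (\S+)")

def parse_signature(name, flattened):
    """Parse one signature's IoC table that extraction ran onto a single line."""
    if flattened.startswith("description ioc process"):
        body = flattened[len("description ioc process"):]
        rows = [IocRow(name, d, i, p) for d, i, p in ROW_RE.findall(body)]
        used = sum(len(r.description.split()) + 2 for r in rows)
        if used != len(body.split()):  # leftover tokens: unknown label or IoC with spaces
            raise ValueError(f"unparsed tokens in {name!r}")
        return rows
    if flattened.startswith("ioc process"):
        toks = flattened.split()[2:]
        if len(toks) % 2:
            raise ValueError(f"odd ioc/process token count in {name!r}")
        return [IocRow(name, "", i, p) for i, p in zip(toks[::2], toks[1::2])]
    raise ValueError(f"unknown table header in {name!r}")

def parse_report(tables):
    """tables: signature name -> flattened IoC line. Returns every IoC row."""
    return [r for name, text in tables.items() for r in parse_signature(name, text)]

def by_process(rows):
    """process -> sorted signature names observed from that process."""
    out = defaultdict(set)
    for r in rows:
        out[r.process].add(r.signature)
    return {p: sorted(s) for p, s in out.items()}

def shared_iocs(rows):
    """ioc -> processes, for IoCs hit from more than one process."""
    out = defaultdict(set)
    for r in rows:
        out[r.ioc].add(r.process)
    return {i: sorted(p) for i, p in out.items() if len(p) > 1}

def unlisted_processes(rows, tree):
    """Processes named by IoC rows but missing from the process tree."""
    return sorted({r.process for r in rows} - set(tree))

# Constructed input mirroring this report's Signatures and Processes sections.
A = "com.baidu.appsearch"
SVC, API, FILE, URI = DESCRIPTIONS

def flat(label, ioc, *procs):
    """Rebuild one flattened table line in the report's own layout."""
    return "description ioc process " + " ".join(f"{label} {ioc} {p}" for p in procs)

SAMPLE = {
    "Checks if the Android device is rooted.":
        f"ioc process /system/bin/su {A} /system/xbin/su {A}",
    "Makes use of the framework's Accessibility service": flat(SVC,
        "android.accessibilityservice.IAccessibilityServiceConnection."
        "findAccessibilityNodeInfoByAccessibilityId", A),
    "Queries information about running processes on the device": flat(SVC,
        "android.app.IActivityManager.getRunningAppProcesses", f"{A}:bdservice_v1",
        f"{A}:websuiteService", A, f"{A}:locationservice", f"{A}:gptInstaller"),
    "Queries information about the current nearby Wi-Fi networks":
        flat(SVC, "android.net.wifi.IWifiManager.getScanResults", f"{A}:locationservice"),
    "Reads the content of photos stored on the user's device.":
        flat(URI, "content://media/external/images/media", A),
    "Requests cell location":
        flat(SVC, "com.android.internal.telephony.ITelephony.getCellLocation", f"{A}:locationservice"),
    "Acquires the wake lock":
        flat(SVC, "android.os.IPowerManager.acquireWakeLock", f"{A}:websuiteService"),
    "Makes use of the framework's foreground persistence service":
        flat(SVC, "android.app.IActivityManager.setServiceForeground", A, f"{A}:websuiteService"),
    "Queries information about active data network": flat(SVC,
        "android.net.IConnectivityManager.getActiveNetworkInfo",
        f"{A}:locationservice", f"{A}:bdservice_v1", A),
    "Queries information about the current Wi-Fi connection":
        flat(SVC, "android.net.wifi.IWifiManager.getConnectionInfo", A),
    "Registers a broadcast receiver at runtime": flat(SVC,
        "android.app.IActivityManager.registerReceiver", A, f"{A}:locationservice", f"{A}:bdservice_v1"),
    "Uses Crypto APIs": flat(API, "javax.crypto.Cipher.doFinal", A, f"{A}:bdservice_v1"),
    "Checks CPU information": flat(FILE, "/proc/cpuinfo", A),
    "Checks memory information": flat(FILE, "/proc/meminfo", A),
}
PROCESS_TREE = {A: 4238, "cat /proc/mounts": 4290, f"{A}:locationservice": 4315,
                f"{A}:bdservice_v1": 4434, f"{A}:gptInstaller": 4447,
                f"{A}:websuiteService": 4497}
```

Run against this report's data, `by_process` yields 11, 5, 4, 1 and 3 signatures for the main process, locationservice, bdservice_v1, gptInstaller and websuiteService respectively, which is exactly the per-process list in the Processes section below; `shared_iocs` shows getRunningAppProcesses as the one API every component calls, and `unlisted_processes` returns nothing, confirming every IoC is attributable to a listed PID. The token-count check in `parse_signature` is what catches a new description label or an IoC containing spaces instead of silently dropping rows.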
Processes
-
com.baidu.appsearch (PID 4238)
- Checks if the Android device is rooted.
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Reads the content of photos stored on the user's device.
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
  child process: cat /proc/mounts (PID 4290)
-
com.baidu.appsearch:locationservice (PID 4315)
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
-
com.baidu.appsearch:bdservice_v1 (PID 4434)
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
-
com.baidu.appsearch:gptInstaller (PID 4447)
- Queries information about running processes on the device
-
com.baidu.appsearch:websuiteService (PID 4497)
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)
Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Foreground Persistence (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Discovery
- Location Tracking (1)
- Process Discovery (1)
- Software Discovery (1)
  - Security Software Discovery (1)
- System Information Discovery (3)
- System Network Configuration Discovery (1)
- System Network Connections Discovery (3)
Downloads
-
Filesize
128KB
MD5
138bf393365bb6213f4590b9799dea68
SHA1
fede7b928100125ab465e5c9b83846e59d0eb726
SHA256
005fd4e04ac523f26415ab7e98d35219b6a8bb08dd435b308b2ef9fabd79d355
SHA512
639e8e473dfba1496a976512ad07086223477db182fbffd46cf52254781db39a10eb55ca5f0f76faeeef4814653eda06e407fdc9e05be43d9a8e32c8700357d8
-
Filesize
512B
MD5
89414ebc72cf3f8ed5eb28ab8cf8bee9
SHA1
03023df19a79e90f924be0248c26d26d605806f0
SHA256
0da351e34b18294ef1e6b3e426301de69c0be5d64c33c8b20f099c48f42a5959
SHA512
1268091154219983c17a7603c756141e85ac003696b837637b21108b97dd89b0477d3f324f11a07c6ea0d48b281cd660bcd928d087e816d7478c5ca57f9d4bf4
-
Filesize
410KB
MD5
45117f88a7de70871d880d03a3215331
SHA1
2790517adc18957aeff6f8b028b442bf9b305fff
SHA256
13e07e0d6ec5b470ab2a01fee2ffa8cfa6ea9e9a1a0f7b3f7186188640450516
SHA512
18871e6eecdfeef1f8fceb15536e5e36c0c1cee9e11126f12e0d0b7fbd7f6d4f60083c4aedd6e83d77db657433dbd22247459dd50d47a2c67051e64a30f09cb2
-
Filesize
512B
MD5
e67e287b3ec40d1dd32baa26acccaca0
SHA1
a510d831993c1582ce522acb874dfb5af125df71
SHA256
be159004f8ebde9a8a1885285fc1b19188822c027c7ccc054beca7ed27b28d63
SHA512
b32b14de5843d9e2ca63c3d8e373c4b4bb1047623bc384c5558f415f4c8856994dd8d8fe85776fef49499b8c3301294e4218b15ac62059586736337b590ac184
-
Filesize
28KB
MD5
0cea1b657587ebf2f8abf334241291bb
SHA1
5fde27a67bbe63e5974df91e73aa2e0a272efb77
SHA256
476ce55d10daf895b017a7fb72beb86aca239780aaa79c7f14d376d92c3ee6e2
SHA512
4651db12633a74eef17bb2d4e074db6d83172a6270800a1378a4915a300a000068c8ee903036ae8da81a7a027771a6e5dd708370583667799e2255337e9fb796
-
Filesize
512B
MD5
ebf96552bf9977ab16b827e912e5b8e6
SHA1
fcadc8a785bb9104f70216acfff7e0244aa7f1e7
SHA256
e1dd927d7634daf5ba69069340e2fe8fc7f15808890c9c755e082fa721918f45
SHA512
fd449258c49b6de6d7a7f8d3af712a39f4cc42c00823762a55df4636659c2408d5a01190384bc8fd1f1cd5226099557b99aee450750c113ef9c4515f0d23cde7
-
Filesize
32KB
MD5
e1f4b8c96e258f7ddd839d3b1645fc1a
SHA1
928e1c673791f00be05a8e28c0b54d8b9e8b2ccf
SHA256
911d0a2b0daa8416efc33775e50675d21d8a149d5373f0abf694cc8f66518023
SHA512
321a38bb5cca2c37206eb6acd7d515080569add917ccecd634b6a1bb372ab2bc65cb63708f7c3297511c521fe908670de5891510f2620144f2765f2cd515dbfb
-
Filesize
512B
MD5
a9fba9b1c1425f01b78f23607e48e445
SHA1
30ad54202b2c5ab1ed7bb7c3854a0149fe11ae4a
SHA256
bc4fa3f61387b03f475f384436a08b8d0283342d6c082a00ea8af3f769e50346
SHA512
5af065b098c52809eeb6f024a1b2ed53a21a4ed366e3c49ef6794cc403e862f540e667cbc01b62e9c239f5032522ebf275c61c0350c1eecc31d620447b5d212a
-
Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
32KB
MD5
b0fb1914eb2e39baaae725a081b68371
SHA1
0d982c8799fe8d511a10c1ff0391499db4fd2b54
SHA256
2883e999eda18dc0001d5ef71424a39e4c98d2f2caa7782635182ad7a39c8189
SHA512
d8b220b2580d713163d134b1c53f7673f3af23656d4cca2a8b58555fa19bbd3965cd65d5340dc67c2d42058af7ed614b014800107ded6e1847dc25c548959468
-
Filesize
4KB
MD5
f2b4b0190b9f384ca885f0c8c9b14700
SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5
6c603b0f3de29c3889d997877205f1f1
SHA1
0471904bac3677a787d2a222a4b460943227a9bb
SHA256
b005f6535a7afa7b23d038b3f000b8dc892b7bbb168370dccea8a2af2e0fdba8
SHA512
150245150b5522d392996e641c1273af2ac3010f15a084a020561ed98d6035bce2ab0b63dc9cc6af747ad9f0cddc6cdb5172d544f728d23422a8050dfd0650d7
-
Filesize
32KB
MD5
de43720f96b260dbd147aa102a5db8ec
SHA1
44aeb5e9e0c1cb15e1ef4a7cee5cab72c9902eda
SHA256
ac21fbcf7cadecad0d3796ce8f454e68d3043834d4512e5a85826e1790ef9296
SHA512
3104a179ae07ea7796be94298ddae54199858abb00faa169962094b2780c193154f5da33a268a1e5f69bf5f0947af259bbb848336623846c7c0d7dfa044bf652
-
Filesize
36KB
MD5
b06b8ddcda389db2eb74b5d0b0d5bc4c
SHA1
ca60192b1893860c331ed4201c633160f3f4430d
SHA256
1707af4803daf7c4f52740766e719610d27cbb298f93f54e43c6ea9091880d52
SHA512
c80b3bfba7bf672402adda60fc762ac2bee9287eeaf805bf2668cf916ec789c80783f74b5b5ddbdcf77e7dd07add492cbd95b890fc5d581842e3d38773006cd7
-
Filesize
512B
MD5
12b5d844146dd0df680986af23a47ef1
SHA1
6b03fe608a5e5488bbd1b5f3b6aa224befefd5ba
SHA256
48038e195e120892b50ccfe2a30472e6a218ccd86ae8de03f7d722b4f363d021
SHA512
cd448801b3465d9b66080f53d259f3117a96d13b3d9e335a33f0f25c3f27b7ec278a135236e214fe716f2edbaa36020595ac3a3959a815c2d8927ebfa81a4e4b
-
Filesize
28KB
MD5
cf845a781c107ec1346e849c9dd1b7e8
SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
Filesize
32KB
MD5
73bbc2b0bbf1ba87bd5fc80b4addd323
SHA1
1ef26ed9c614abe7bc59ec4a90bb6f6fbc39827a
SHA256
c997d1e0180b7269ab55890c0af7f07925f22b854c4acf8d59237dad003e4d90
SHA512
6fa8d3d712d17a1ab08e59146679779ac5c527910d9f0c8ac06d5f567f4150115cf1052954efe91ba1a15d11cd08377d9c0e4119ea7ee66b72da7715e1e1dc80
-
Filesize
512B
MD5
c36c397dbcc696ed054fd2aa87e937c1
SHA1
ef885f79f782df4ce6ac17cee5bf77ab78a0fb60
SHA256
53d90f80d6b937a5d7d628ca175020b9f4b91591ddd098909b227dd6218a8a82
SHA512
cc3f09191271c61f22d4b0b81ce31f3c9c870f7c66a7dd9d230aefe7836f6ca0e6612a15dfde16a4900d6398df4f909f0e17bb695c2bb9cdd3030251f1d42f8f
-
Filesize
32KB
MD5
1a58cf44f327de38b3abb29196bc4247
SHA1
89487e5f4d97f56a141696e5164b31ca6b9b8e07
SHA256
762af22699b657822b4daa32f942524440a869fc65ccb830129367c362037c97
SHA512
76a3c8e416c26f6fb4a691d5379556bec05eb2811b48d51d0f8c6a0d619b67b1b64512246928f316b7ffe822b49050c16f96cfbb0fa3c2e26bd7c3ecbe029060
-
Filesize
32KB
MD5
8d72efecdce2d5ba6964e1275ab5ce99
SHA1
26ba03eee8cc17218e8a738fdee0cfee12a2a9bb
SHA256
bace774a8304f31354671cd7f8823235083e5390812fe3de2cc83de0762c602d
SHA512
0334b86ed02b909984d83f3503464a8f80cf9ee6b4679ea9734bd45ad85bc51f6e18fa345a48a1ca4cfc302c2b152a7ed2d1f46ff8b1c178359831000e1a3671
-
Filesize
512B
MD5
40163d21f6ed5129c86e4dedd1ca044b
SHA1
1688788649ea28efb3da3e3230c0ee3368076c73
SHA256
85c40c6a54261adbb930766947f3ec81e9cef93d38a6a4e1df3ce2590af6254a
SHA512
764ced2310b7cf9daad661fa92e8cf90a0bc4a6378d84ace3a237ad9f0f59288d7a8953c165c277e91c84b77bef90060dd8eaaecbba26d07fd32851fa0a78a4a
-
Filesize
32KB
MD5
fcb9fe8d8b867acbbeff34a17f7d4953
SHA1
6bd40c489a46150e8cd2685858a42530bb52166e
SHA256
6f4aad7c45726353dfa5cbef3514365462004b55fc34f3374585560570bf8383
SHA512
97c5dea95586fb89b3d3591260781f0b3be4b63196016f0bdc45a3fa0155ad40a30cdd91424f23a1254bf0018202a53faa997cb156300f6f63d34227a765366a
-
Filesize
28KB
MD5
ed54faa8351d73ce77826ad9f7571102
SHA1
74d800e5cf83ca7679a4d727b956eb9016365be3
SHA256
ba329a3472c5e171be0432d4d4472b5183b064707871e0e35150764e87b71aa6
SHA512
ba93f7b4f03d8e40b1aba63c06cdbd2f99ab5730faddd287e13821c8623b1026607d6ce5da70e4f6be1e59f6f94b76c19d781d280c0f435c6a7d56f8f326245d
-
Filesize
13KB
MD5
43c5217651372a37db368d96fde6b34e
SHA1
37c83eacf170376111abd63777df294037b9d025
SHA256
7c3a5087335525e948545711628985deb818a5da3a62748d564208f9ffbb1dcc
SHA512
268b851261962e8146f4ffc9f61baeb7f81c02b7ca8035438f910a0bb8ed33e76c43f1df16e15cf4ae571b9566472d3d1b84d2b02c2076df07977dde44a036ca
-
Filesize
89B
MD5
5796548ee4a1243c07b5dee707cb99e9
SHA1
2e161160ddf55e6dbbbec998ab8834dce5a82084
SHA256
297169d040097ef26058b4119461cb272e96275e90b3a5f0ee916874c5be9951
SHA512
827d11804f2c09d26b49bee74254e3bd7588d6aed7a5b12739b0e172e3e4d577e79b3a7ce6c1e0d0c5e268f82a52f9b12d609f18858ae2342fd606c3278d803d
-
Filesize
89B
MD5
fe52d5882ae20c97740bfbcfdb64b3b0
SHA1
03e2e2967cb8e1a0cfe586d27405462cd2ab0593
SHA256
f516f88b49a3bd0be29702c7f5fa2330e531d76e72ba8fd5109f44ad055ccf9d
SHA512
0806f4465474f482c47e4a5a5fc5271a06a2df217be680b5f61fece3afd7a49f9c7faf301e1c4642fdb0376814cb2b72017fe63cf8f95411ff3fec154f8a3aff